TECH-156 - Update the Civic frontend canister

.github/workflows/ci.yaml → .github/workflows/ci-local.yaml

@@ -1,10 +1,10 @@
-name: CI Build and Test
+name: CI Build and Test (Local setup)
 
 on: [push, pull_request]
   # push:
-  #   branches: [ "gh-actions" ]
+  #   branches: [ "develop" ]
   # pull_request:
-  #   branches: [ "gh-actions" ]
+  #   branches: [ "develop" ]
 
 
 env:
@@ -26,35 +26,45 @@ jobs:
     steps:
     - name: Check out repository code
       uses: actions/checkout@v4
-      with:
-        submodules: 'recursive'
     - name: Set up environment
       run: |
         echo "Setting up on ${{ matrix.os }}"
         mv ic-test-machine-binaries/ic-test-state-machine${{ matrix.file_suffix }} ic-test-state-machine
-
     - name: Install dfx  
       uses: dfinity/setup-dfx@main
     - name: Confirm successful installation
       run: dfx --version
     - name: Install Rust target
       run: rustup target add wasm32-unknown-unknown
+
     - name: Install dependencies
       run: |
-        yarn install 
+        npm install 
         cargo install ic-wasm
-    - name: Install canisters and start local ICP replica
+    - name: Create canisters and start local ICP replica
       run: |
-        mkdir src/civic_canister_backend/dist
-        mkdir src/relying_canister_frontend/dist
         dfx start --clean --background
         dfx canister create --all
-    - name: Build canisters
-      run: dfx build
-    - name: Deploy canisters
-      run: dfx canister install --all && dfx deploy 
+    - name: Set env variables
+      run: |
+        chmod +x scripts/set-env-vars.sh
+        scripts/set-env-vars.sh
+    - name: Deploy Civic Canister and Internet Identity
+      run: |
+        scripts/deploy-civic.sh
+        dfx deploy internet_identity
+    - name: Deploy RP 
+      id: deploy_rp
+      continue-on-error: true
+      run: |
+        dfx deploy relying_canister_frontend
+    - name: Deploy Civic FE
+      run: dfx deploy civic_canister_frontend
+    - name: Try again to deploy RP if it previously failed
+      if:  steps.deploy_rp.outcome == 'failure'
+      run: dfx deploy relying_canister_frontend
+
     - name: Run tests
       run: |
         chmod +x ic-test-state-machine
-        # cargo test --test integration_tests --verbose
-    - run: echo "🐧 This job's status is ${{ job.status }}."
+        cargo test --test integration_tests

.gitignore

@@ -1,4 +1,25 @@
-node_modules
-target
-dist
-.dfx
+# Various IDEs and Editors
+.vscode/
+.idea/
+**/*~
+
+# Mac OSX temporary files
+.DS_Store
+**/.DS_Store
+
+# dfx temporary files
+.dfx/
+
+# generated files
+**/declarations/
+
+# rust
+target/
+
+# frontend code
+node_modules/
+dist/
+.svelte-kit/
+
+# environment variables
+.env

README.md

@@ -97,6 +97,16 @@ cargo test --test integration_tests
 1. Open the ```civic_canister_frontend``` using the second URL (looks like so: `http://${canister-id}.localhost:4943/`). Login & issue the credential. The credential is now stored against the principal that's printed. 
 2. Open the ```relying_canister_frontend``` using the second URL again. Login and request the VC through Internet Identity. 
 
+## Alternative Frontends 
+
+Setting the correct derivationOrigin/Alternative Frontends of the canisters allows the II backend to correctly convert the principals from the civic POV to the RP POV. The key point is that the the `origin` of the issuer inside the vc-flow call should match the `derivationOrigin` in the login process to the issuer (ie in the civic frontend canister).
+
+1. In the civic frontend, the user logs into the canister using the civic canister backend as `derivationOrigin`. This allows the user's principal to be the same for civic canister backend (since the user is using the _frontend_ canister and they are two separate canisters, II would otherwise use different principals)
+2. In the RP, the user wants to request from the issuer of the credentials, namely the civic canister backend. Therefore, the `origin` in the call to the start the vc-flow is set as the civic canister backend. 
+
+3. II must map the generated alias between the RP Canister and the Issuing Canister (in order to provide unlinkability of the user's identities). In the vc-flow, when II is sending a `request_credential` to the backend, the principal that it's using must be the one that the civic canister backend stored the credentials under. By specifying a `derivationOrigin` during the login, II knows to use the same principal as in the login to send to the backend and check for stored credentials. Otherwise there will be an `unauthorized principal` error. 
+
+
 ## ICP Notes
 
 ### Flow for the user sign-in 

dfx.json

@@ -3,17 +3,15 @@
   "__1": "We use '__X' fields (unknown fields are ignored by dfx) to leave comments.",
   "canisters": {
     "internet_identity": {
-      "__0": "The development build of Internet Identity. For more information, see https://github.com/dfinity/internet-identity#build-features-and-flavors",
-      "type": "custom",
       "candid": "https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity.did",
-      "wasm": "https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_dev.wasm.gz",
-
-      "__2": "The remote block indicates that this canister is only used locally and should not be deployed on the IC.",
+      "frontend": {},
       "remote": {
         "id": {
           "ic": "rdmx6-jaaaa-aaaaa-aaadq-cai"
         }
-      }
+      },
+      "type": "custom",
+      "wasm": "https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_dev.wasm.gz"
     },
 
     "civic_canister_backend": {
@@ -22,38 +20,21 @@
       "type": "rust"
     },
 
-
-
     "civic_canister_frontend": {
-      "__0": "Canisters of type 'assets' are like buckets. When deployed, dfx creates a canister that is just one big empty map.",
-      "__1": "After the canister itself is created, dfx uploads all the files specified in the 'source' field.",
-      "__2": "Those files are then stored in the canister's map and served with http_request.",
-
-      "__3": "NOTE: dfx will run 'npm run build' when the canister is to be built (dfx build or dfx deploy)",
-      "__4": "(which in this case populates 'dist/', see package.json).",
-      "__5": "source must be a directory, otherwise we get a cryptic error.",
-      "frontend": {
-        "entrypoint": "src/civic_canister_frontend/dist/index.html"
-
-      },
       "source": [
         "src/civic_canister_frontend/dist"
-
       ],
       "type": "assets",
-      "__6": "NOTE: the 'frontend' signals dfx that it is useful to print out the front-end URL of this canister when deploying. It is not strictly required."
+      "workspace": "civic_canister_frontend"
     },
 
     "relying_canister_frontend": {
-      "frontend": {
-        "entrypoint": "src/relying_canister_frontend/src/index.html"
-      },
       "source": [
         "src/relying_canister_frontend/dist"
       ],
-      "type": "assets"
+      "type": "assets",
+      "workspace": "relying_canister_frontend"
     }
-
   },
   "defaults": {
     "build": {